CVE-2017-9764

MetInfo CMS 5.3.17 contains a cross-site scripting (XSS) vulnerability where an attacker can inject arbitrary web script or HTML by sending crafted Client-IP or X-Forwarded-For HTTP headers to /include/stat/stat.php with a para action. Multiple connected sources (CNVD-2017-25435, CVE/NVD entries)...